Terraform AWS EKS¶

Terraform module which creates Amazon EKS (Kubernetes) cluster resources on AWS with comprehensive features including managed node groups, Fargate profiles, EKS Auto Mode, add-ons, and IRSA.

Implemented Controls¶

The following compliance controls are implemented in this module.

Compliance.tf registry endpoints¶

ACSC Essential EightACSC ISM March 2023AWS Control Tower GuardrailsAWS Generative AI Best Practices v2AWS Well-Architected Framework v10CCCS Medium Cloud Control ProfileTitle 21 CFR Part 11CIS AWS Benchmark v1.4.0CIS AWS Benchmark v5.0.0CIS AWS Benchmark v6.0.0CIS Controls v8.0 IG1CISA Cyber EssentialsEU GMP Annex 11FedRAMP Low Baseline Rev 4FedRAMP Moderate Baseline Rev 4FFIEC Cybersecurity Assessment ToolGDPRHIPAA Omnibus Rule 2013ISO/IEC 27001:2013NIST SP 800-171 Rev 2NIST SP 800-53 Rev 5NIST Cybersecurity Framework v2.0NYDFS Cybersecurity RegulationPCI DSS v4.0RBI Cyber Security Framework for UCBsRBI IT Framework for NBFCsSOC 2

module "eks" {
  source  = "acscessentialeight.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "acscism2023.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "awscontroltower.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "awsgenai.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cccsmedium.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cfrpart11.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cis.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cisv500.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cisv600.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cisv80ig1.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "cisacyberessentials.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "eugmpannex11.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "fedramplow.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "fedrampmoderate.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "ffiec.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "gdpr.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "hipaa.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "iso27001.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "nist800171.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "nist80053.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "nistcsf.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "nydfs23.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "pcidss.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "rbicybersecurity.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "rbiitfnbfc.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

module "eks" {
  source  = "soc2.compliance.tf/terraform-aws-modules/eks/aws"
  version = "<version>"

  # ... your arguments here
}

See the Technical Usage Guide to get started and read the Features section for more details on how to customize the module for your requirements.

Mapped compliance frameworks¶

ACSC Essential EightACSC ISM March 2023CIS Controls v8.0 IG1EU GMP Annex 11HIPAA Omnibus Rule 2013NIST SP 800-171 Rev 2PCI DSS v4.0

EKS clusters should have control plane audit logging enabled

ISM-1402: Protecting credentials

EKS clusters should be configured to have kubernetes secrets encrypted using KMS

EKS clusters endpoint should restrict public access

EKS clusters should be configured to have kubernetes secrets encrypted using KMS

EKS clusters should be configured to have kubernetes secrets encrypted using KMS

EKS clusters endpoint should restrict public access